binjo - Security Researcher - Exploit Intelligence Platform

CVE-2012-1876 METASPLOIT ruby WORKING POC

Microsoft Internet Explorer - Code Injection

Microsoft Internet Explorer 6 through 9, and 10 Consumer Preview, does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by attempting to access a nonexistent object, leading to a heap-based buffer overflow, aka "Col Element Remote Code Execution Vulnerability," as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2012.

View Code

CVE-2012-4969 METASPLOIT HIGH ruby WORKING POC

Microsoft Internet Explorer <10 - RCE

Use-after-free vulnerability in the CMshtmlEd::Exec function in mshtml.dll in Microsoft Internet Explorer 6 through 9 allows remote attackers to execute arbitrary code via a crafted web site, as exploited in the wild in September 2012.

CVSS 8.1

View Code

CVE-2012-1889 METASPLOIT HIGH ruby WORKING POC

Microsoft Xml Core Services - Out-of-Bounds Write

Microsoft XML Core Services 3.0, 4.0, 5.0, and 6.0 accesses uninitialized memory locations, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site.

CVSS 8.8

View Code

CVE-2012-4969 EXPLOITDB HIGH ruby WORKING POC

Microsoft Internet Explorer <10 - RCE

Use-after-free vulnerability in the CMshtmlEd::Exec function in mshtml.dll in Microsoft Internet Explorer 6 through 9 allows remote attackers to execute arbitrary code via a crafted web site, as exploited in the wild in September 2012.

CVSS 8.1

View Code

CVE-2012-1876 EXPLOITDB ruby WORKING POC

Microsoft Internet Explorer - Code Injection

Microsoft Internet Explorer 6 through 9, and 10 Consumer Preview, does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by attempting to access a nonexistent object, leading to a heap-based buffer overflow, aka "Col Element Remote Code Execution Vulnerability," as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2012.

View Code

CVE-2012-1889 EXPLOITDB HIGH ruby WORKING POC

Microsoft Xml Core Services - Out-of-Bounds Write

Microsoft XML Core Services 3.0, 4.0, 5.0, and 6.0 accesses uninitialized memory locations, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site.

CVSS 8.8

View Code